Fwd: Netcraft News - Tuesday March 29, 2011

صادق

Mar 29, 2011, 10:39:43 PM
to yazdlug

- Sadeq



---------- Forwarded message ----------
From: <anno...@lists.netcraft.com>
Date: 29 March 2011 16:50
Subject: Netcraft News - Tuesday March 29, 2011
To: sad...@gmail.com


To prove responsibility for the recent security breach at a Comodo affiliate Registration Authority, the "Comodo Hacker" has uploaded the private key for one of the fraudulently obtained SSL certificates.

Netcraft has verified that the private key does correspond to the fraudulently issued SSL certificate for addons.mozilla.org. Only Comodo, the affiliate, or the hacker could have known this secret key.

As the uploaded private key does not require a passphrase, it can readily be used by other attackers. Certificate revocation mechanisms have come under recent criticism for not working effectively, so the publication of the private key introduces a widespread risk of man-in-the-middle attacks against Mozilla Add-ons users.

To get around the revocation problems, most web browser software has been updated to explicitly blacklist the bogus certificates. Users can therefore protect themselves by upgrading to the latest versions.

Posted by Paul Mutton on 29th March, 2011 in Security

Dozens of websites run by GlobalTrust remain offline following the recent security breach at a Comodo affiliate Registration Authority.

Although Comodo did not name the compromised RA in its incident report, all of the fraudulently issued certificates refer to GTI Group Corporation in the organisational unit field. GlobalTrust is a division of this group, and has been issuing SSL certificates as a Comodo partner since 2006.

Over the weekend, an individual purporting to have carried out the attack revealed on Pastebin.com that Comodo was hacked via InstantSSL.it. According to meta tags, this site was owned by GlobalTrust, but now bears a Comodo logo with a "site under construction" placeholder. Many other websites run by GlobalTrust have also been shut down and replaced with GlobalTrust-branded "under construction" pages, presumably while forensic investigations continue.

Existing GlobalTrust customers may be affected by the temporary suspension of these sites; for instance, trust seals can no longer be served from https://trustseal.globaltrust.it because the site is no longer accepting any HTTPS connections.

Netcraft's Web Server Survey highlights several other websites which currently display the GlobalTrust "under construction" page, including www.banksafe.it, www.comodogroup.it, www.cybercrimeworkingroup.org and, ironically, www.riskmitigation.it. GlobalTrust's founder, Massimo Penco, has also had his personal website replaced with the same GlobalTrust "site under construction" page.

During a phone call with Netcraft last Thursday, Mr Penco denied that GlobalTrust was the unnamed RA cited in the original Comodo incident report.

Posted by Paul Mutton on 28th March, 2011 in Security
Copyright © Netcraft Ltd 2010. All Rights Reserved.
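
The newsletter says Netcraft verified that the published private key corresponds to the certificate and that the key needs no passphrase. The following is an added example, not part of the newsletter or the forwarded post, showing one way to make both checks with the openssl command line; every key, certificate, file name and passphrase in it is constructed for the demonstration.

```sh
#!/bin/sh
# Added example: all keys, certificates, names and passphrases are constructed.
set -eu

# Exit 0 if KEY's public half equals the public key inside CERT, 1 if it
# differs, 2 if either file cannot be read without a passphrase.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if the key file loads with an empty passphrase, i.e. anyone who
# holds the file can use it directly.
key_is_unprotected() {  # usage: key_is_unprotected KEY
    openssl pkey -in "$1" -passin pass: -noout >/dev/null 2>&1
}

# Constructed test material: a self-signed certificate with its key, an
# unrelated key, and a passphrase-protected copy of the matching key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
    -keyout "$demo_dir/site.key" -out "$demo_dir/site.crt" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$demo_dir/other.key" 2>/dev/null
openssl pkey -in "$demo_dir/site.key" -aes256 -passout pass:constructed \
    -out "$demo_dir/site-enc.key"

for key in site.key other.key site-enc.key; do
    if key_matches_cert "$demo_dir/site.crt" "$demo_dir/$key"; then
        verdict="matches site.crt"
    else
        verdict="no match, or unreadable without a passphrase"
    fi
    if key_is_unprotected "$demo_dir/$key"; then
        protection="no passphrase"
    else
        protection="passphrase required"
    fi
    echo "$key: $verdict; $protection"
done
```
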

